> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Get started with Protected Auth

> Use Protected Auth to defend your signup and login flows.

## Overview

If you are using Stytch for [Consumer](/consumer-auth/overview) or [Multi-tenant authentication](https://staging.stytch.com/docs/multi-tenant-auth/overview), you can use Protected Auth to ensure that only legitimate users can access your auth flows.

Protected Auth is a frontend SDK feature that uses [Device Fingerprinting](/fraud-risk/concepts/device-fingerprinting/overview) to block bots and other suspicious activity at signup and login time.

<Info>
  To use Protected Auth, you must use Stytch for authentication. If you use another authentication provider, you will integrate Device Fingerprinting [using the API](/fraud-risk/get-started/using-dfp-api).
</Info>

This guide shows you how to set up Protected Auth. By the end, you'll have:

* Installed the frontend SDK.
* Turned on **Observation mode**.
* Turn on **Enforcement mode**.

***

## Prerequisites

* [JavaScript](/api-reference/b2b/frontend-sdks/vanilla-js/overview) frontend SDK or mobile SDK ([React Native](/api-reference/b2b/mobile-sdks/react-native/overview), [iOS](/api-reference/b2b/mobile-sdks/ios-sdk), or [Android](/api-reference/b2b/mobile-sdks/android-sdk)) installed. Minimum versions required:
  * Vanilla JS SDK: `v2.2.0`
  * React Native SDK: `v0.12.0`
  * iOS SDK: `v0.18.0`
  * Android SDK: `v0.14.0`
* An existing Stytch B2B or Consumer project in the [Dashboard](https://www.stytch.com/dashboard).
* The `project_id` and `secret` for your project's Test environment. These can be found under your project's *Project ID & API keys* section in the [Dashboard](https://www.stytch.com/dashboard).
* Device Fingerprinting [enabled for your project](https://stytch.com/dashboard/dfp-rules).
  * If you don't have Device Fingerprinting enabled, you can [request access here](https://offers.stytch.com/dfp-30-day-trial?utm_source=stytch_docs\&utm_medium=direct\&utm_content=dfp_30_day_trial).

## Get started

<Steps>
  <Step title="Install the SDK">
    Follow the [Quickstart](/get-started/quickstart) to get started with the SDK.
  </Step>

  <Step title="Enable Protected Auth in the Dashboard">
    Enable **Protected Auth** under [Frontend SDK settings](https://stytch.com/dashboard/sdk-configuration) in the Dashboard:

    <Frame>
      <img src="https://mintcdn.com/stytch-34ca0595/_DTWyt9pNaDoObtz/images/fraud-risk/dfp-protection-on.png?fit=max&auto=format&n=_DTWyt9pNaDoObtz&q=85&s=64f8c86f3c4a0e71967a2c8559439343" alt="Turning on Protected Auth" width="3810" height="1776" data-path="images/fraud-risk/dfp-protection-on.png" />
    </Frame>
  </Step>

  <Step title="Observation mode">
    By default, the *Connection Type* is set to **Observation mode** when enabling Protected Auth. This mode:

    * Automatically generates and submits a fingerprint to the Stytch API.
    * The API will **not** enforce any action.

    In Observation mode, you can test Protected Auth on real traffic without risk as it will not block any requests and allow you to analyze the results safely.
  </Step>

  <Step title="View activity logs in the Dashboard">
    Results of automatic fingerprint lookups show up as [Device Fingerprinting Logs](https://stytch.com/dashboard/activity?tab=dfp-logs) in the Dashboard.

    <Frame>
      <img src="https://mintcdn.com/stytch-34ca0595/_DTWyt9pNaDoObtz/images/fraud-risk/dfp-dashboard.png?fit=max&auto=format&n=_DTWyt9pNaDoObtz&q=85&s=1c5a306552c461ec9223171a0a7e1bce" alt="Device Fingerprinting Dashboard" width="3794" height="1786" data-path="images/fraud-risk/dfp-dashboard.png" />
    </Frame>

    This will give you a high-level view of the various fingerprints, verdicts, and verdict reasons your application is experiencing. You can view details of individual fingerprints to understand the various devices that are querying your service.
  </Step>

  <Step title="Enable Enforcement mode">
    Once you are comfortable with the verdicts for your traffic, you can switch the *Connect Type* to **Enforcement mode**. This enables the Stytch API to react to each lookup triggered by the SDK:

    * For `ALLOW` verdicts, continue requests in the normal authentication flow.
    * For `BLOCK` verdicts, reject requests and return a `401`.
    * For `CHALLENGE` verdicts, the default behavior will continue requests as if they received an `ALLOW` verdicts.
  </Step>

  <Step title="(Optional) Configure challenge verdict handling">
    You can configure how Protected Auth [handles challenge verdicts](/fraud-risk/device-fingerprinting/protected-auth#handling-challenge-verdicts) by adjusting the *Challenge handling* setting:

    <Frame>
      <img src="https://mintcdn.com/stytch-34ca0595/_DTWyt9pNaDoObtz/images/fraud-risk/enforcement-mode.png?fit=max&auto=format&n=_DTWyt9pNaDoObtz&q=85&s=41e7abf42cdee3df9e795948bde8af42" alt="Enforcement mode" width="2100" height="538" data-path="images/fraud-risk/enforcement-mode.png" />
    </Frame>
  </Step>
</Steps>

## What's next

<Columns cols={2}>
  <Card title="Challenge verdict" icon="arrow-up-right" href="/fraud-risk/device-fingerprinting/verdict/challenge">
    Learn more about options for handling challenge verdicts.
  </Card>
</Columns>

***

<Card title="Want to try Stytch Device Fingerprinting?" href="https://offers.stytch.com/dfp-30-day-trial?utm_source=stytch_docs&utm_medium=direct&utm_content=dfp_30_day_trial" cta="Start your trial ">
  Find out why Stytch's device intelligence is trusted by Calendly, Replit, and many more.
</Card>